@pellux/goodvibes-agent 0.1.80 → 0.1.82

package/src/input/commands/local-auth-runtime.ts

@@ -1,128 +0,0 @@
-import type { CommandContext, CommandRegistry } from '../command-registry.ts';
-import { openCommandPanel, requireLocalUserAuthManager } from './runtime-services.ts';
-import { summarizeError } from '@pellux/goodvibes-sdk/platform/utils';
-import { requireYesFlag, stripYesFlag } from './confirmation.ts';
-
-function formatRoles(roles: readonly string[]): string {
-  return roles.length > 0 ? roles.join(', ') : '(none)';
-}
-
-export function handleLocalAuthCommand(args: string[], ctx: CommandContext): void {
-  const parsed = stripYesFlag(args);
-  const commandArgs = [...parsed.rest];
-  const sub = (commandArgs[0] ?? 'review').toLowerCase();
-  const auth = requireLocalUserAuthManager(ctx);
-  if (sub === 'panel' || sub === 'open') {
-    openCommandPanel(ctx, 'local-auth');
-    return;
-  }
-
-  if (sub === 'add-user') {
-    const username = commandArgs[1];
-    const password = commandArgs[2];
-    const roles = commandArgs[3]?.split(',').map((value) => value.trim()).filter(Boolean) ?? ['admin'];
-    if (!username || !password) {
-      ctx.print('Usage: /auth local add-user <username> <password> [roles] --yes');
-      return;
-    }
-    if (!parsed.yes) {
-      requireYesFlag(ctx, `add local auth user ${username}`, '/auth local add-user <username> <password> [roles] --yes');
-      return;
-    }
-    try {
-      const added = auth.addUser(username, password, roles);
-      ctx.print(`Added local auth user ${added.username} (${formatRoles(added.roles)}).`);
-    } catch (error) {
-      ctx.print(summarizeError(error));
-    }
-    return;
-  }
-
-  if (sub === 'delete-user') {
-    const username = commandArgs[1];
-    if (!username) {
-      ctx.print('Usage: /auth local delete-user <username> --yes');
-      return;
-    }
-    if (!parsed.yes) {
-      requireYesFlag(ctx, `delete local auth user ${username}`, '/auth local delete-user <username> --yes');
-      return;
-    }
-    try {
-      const deleted = auth.deleteUser(username);
-      ctx.print(deleted ? `Deleted local auth user ${username}.` : `Unknown local auth user: ${username}`);
-    } catch (error) {
-      ctx.print(summarizeError(error));
-    }
-    return;
-  }
-
-  if (sub === 'rotate-password') {
-    const username = commandArgs[1];
-    const password = commandArgs[2];
-    if (!username || !password) {
-      ctx.print('Usage: /auth local rotate-password <username> <password> --yes');
-      return;
-    }
-    if (!parsed.yes) {
-      requireYesFlag(ctx, `rotate password for local auth user ${username}`, '/auth local rotate-password <username> <password> --yes');
-      return;
-    }
-    try {
-      auth.rotatePassword(username, password);
-      ctx.print(`Rotated password for ${username}. Existing sessions were revoked.`);
-    } catch (error) {
-      ctx.print(summarizeError(error));
-    }
-    return;
-  }
-
-  if (sub === 'revoke-session') {
-    const token = commandArgs[1];
-    if (!token) {
-      ctx.print('Usage: /auth local revoke-session <token-or-fingerprint> --yes');
-      return;
-    }
-    if (!parsed.yes) {
-      requireYesFlag(ctx, 'revoke local auth session', '/auth local revoke-session <token-or-fingerprint> --yes');
-      return;
-    }
-    ctx.print(auth.revokeSession(token) ? `Revoked session ${token.slice(0, 12)}…` : `Unknown session token or fingerprint: ${token}`);
-    return;
-  }
-
-  if (sub === 'clear-bootstrap-file') {
-    if (!parsed.yes) {
-      requireYesFlag(ctx, 'clear the local auth bootstrap credential file', '/auth local clear-bootstrap-file --yes');
-      return;
-    }
-    ctx.print(auth.clearBootstrapCredentialFile()
-      ? 'Removed bootstrap credential file.'
-      : 'No bootstrap credential file was present.');
-    return;
-  }
-
-  const snapshot = auth.inspect();
-  ctx.print([
-    'Local Auth Review',
-    `  user store: ${snapshot.userStorePath}`,
-    `  bootstrap file: ${snapshot.bootstrapCredentialPath}`,
-    `  bootstrap credentials: ${snapshot.bootstrapCredentialPresent ? 'present' : 'cleared'}`,
-    `  users: ${snapshot.userCount}`,
-    `  sessions: ${snapshot.sessionCount}`,
-    ...snapshot.users.map((user) => `  user: ${user.username}  roles=${formatRoles(user.roles)}`),
-    ...snapshot.sessions.map((session) => `  session: ${session.username}  expires=${new Date(session.expiresAt).toISOString()}  fingerprint=${session.tokenFingerprint}`),
-  ].join('\n'));
-}
-
-export function registerLocalAuthRuntimeCommands(registry: CommandRegistry): void {
-  registry.register({
-    name: 'local-auth',
-    aliases: ['auth-local'],
-    description: 'Inspect and manage local runtime auth users, sessions, and bootstrap credentials',
-    usage: '[review|panel|add-user <username> <password> [roles] --yes|delete-user <username> --yes|rotate-password <username> <password> --yes|revoke-session <token-or-fingerprint> --yes|clear-bootstrap-file --yes]',
-    handler(args, ctx) {
-      handleLocalAuthCommand(args, ctx);
-    },
-  });
-}

package/src/panels/local-auth-panel.ts

@@ -1,130 +0,0 @@
-import type { Line } from '../types/grid.ts';
-import { createEmptyLine } from '../types/grid.ts';
-import { ScrollableListPanel } from './scrollable-list-panel.ts';
-import {
-  buildDetailBlock,
-  buildGuidanceLine,
-  buildPanelListRow,
-  buildPanelLine,
-  buildSummaryBlock,
-  buildPanelWorkspace,
-  DEFAULT_PANEL_PALETTE,
-  type PanelPalette,
-} from './polish.ts';
-import type { LocalAuthSnapshot } from '@pellux/goodvibes-sdk/platform/security';
-import type { LocalAuthInspectionQuery } from '../runtime/ui-service-queries.ts';
-
-const C = {
-  ...DEFAULT_PANEL_PALETTE,
-  info: '#38bdf8',
-  warn: '#eab308',
-  error: '#ef4444',
-  selectBg: '#1e293b',
-} as const;
-
-function formatRoles(roles: readonly string[]): string {
-  return roles.length > 0 ? roles.join(', ') : '(none)';
-}
-
-type LocalAuthUser = LocalAuthSnapshot['users'][number];
-
-export class LocalAuthPanel extends ScrollableListPanel<LocalAuthUser> {
-  private readonly authManager: LocalAuthInspectionQuery;
-
-  public constructor(authManager: LocalAuthInspectionQuery) {
-    super('local-auth', 'Local Auth', 'U', 'monitoring');
-    this.showSelectionGutter = true; // I5: non-color selection affordance
-    this.authManager = authManager;
-  }
-
-  protected override getPalette(): PanelPalette {
-    return C;
-  }
-
-  protected getItems(): readonly LocalAuthUser[] {
-    return this.authManager.inspect().users;
-  }
-
-  protected renderItem(user: LocalAuthUser, _index: number, selected: boolean, width: number): Line {
-    return buildPanelListRow(width, [
-      { text: user.username.padEnd(20), fg: C.value },
-      { text: ` roles=${formatRoles(user.roles)}`.slice(0, Math.max(0, width - 24)), fg: C.info },
-    ], C, { selected });
-  }
-
-  protected override getEmptyStateMessage(): string {
-    return ' No local auth users configured.';
-  }
-
-  public render(width: number, height: number): Line[] {
-    const intro = 'Review local runtime auth users, bootstrap state, and active sessions.';
-    const snapshot = this.authManager.inspect();
-    const users = this.getItems();
-
-    const issueMessages: string[] = [];
-    if (snapshot.bootstrapCredentialPresent) issueMessages.push('Bootstrap credential file still exists and should be cleared after password rotation.');
-    if (snapshot.userCount <= 1) issueMessages.push('Only one local auth user is configured.');
-    if (snapshot.sessionCount === 0) issueMessages.push('No active local auth sessions are currently tracked.');
-
-    const headerLines: Line[] = [
-      ...buildSummaryBlock(width, 'Local auth posture', [
-        buildPanelLine(width, [
-          [' users ', C.label],
-          [String(snapshot.userCount), C.value],
-          ['  sessions ', C.label],
-          [String(snapshot.sessionCount), snapshot.sessionCount > 0 ? C.info : C.dim],
-          ['  bootstrap ', C.label],
-          [snapshot.bootstrapCredentialPresent ? 'present' : 'cleared', snapshot.bootstrapCredentialPresent ? C.warn : C.good],
-        ]),
-        buildPanelLine(width, [[' user store ', C.label], [snapshot.userStorePath.slice(0, Math.max(0, width - 13)), C.dim]]),
-        buildPanelLine(width, [[' bootstrap file ', C.label], [snapshot.bootstrapCredentialPath.slice(0, Math.max(0, width - 18)), C.dim]]),
-        ...(issueMessages.length > 0
-          ? issueMessages.map((issue) => buildPanelLine(width, [[` issue: ${issue}`.slice(0, Math.max(0, width)), C.warn]]))
-          : [buildPanelLine(width, [[' local auth posture looks healthy.', C.good]])]),
-        buildGuidanceLine(width, '/auth local rotate-password <user> <password> --yes', 'rotate bootstrap/default credentials and revoke older sessions as needed', C),
-      ], C),
-    ];
-
-    if (users.length === 0) {
-      const workspace = buildPanelWorkspace(width, height, {
-        title: 'Local Auth Control Room',
-        intro,
-        sections: [{ lines: headerLines }],
-        palette: C,
-      });
-      while (workspace.length < height) workspace.push(createEmptyLine(width));
-      return workspace;
-    }
-
-    this.clampSelection();
-    const selected = users[this.selectedIndex];
-
-    const footerLines: Line[] = [];
-    if (selected) {
-      footerLines.push(
-        ...buildDetailBlock(width, 'Selected user', [
-          buildPanelLine(width, [[' username ', C.label], [selected.username, C.value], ['  roles ', C.label], [formatRoles(selected.roles).slice(0, Math.max(0, width - 23)), C.info]]),
-          buildPanelLine(width, [[` next: /auth local rotate-password ${selected.username} <password> --yes`.slice(0, Math.max(0, width)), C.dim]]),
-          buildPanelLine(width, [[` next: /auth local delete-user ${selected.username} --yes`.slice(0, Math.max(0, width)), C.dim]]),
-        ], C),
-      );
-    }
-
-    if (snapshot.sessions.length > 0) {
-      footerLines.push(
-        ...snapshot.sessions.slice(0, 8).map((session) => buildPanelLine(width, [
-          [' ', C.label],
-          [session.username.padEnd(18), C.value],
-          [` expires ${new Date(session.expiresAt).toLocaleString()}`.slice(0, Math.max(0, width - 20)), C.dim],
-        ])),
-      );
-    }
-    footerLines.push(buildPanelLine(width, [[' /auth local review  mutations require --yes: add-user rotate-password revoke-session ', C.dim]]));
-
-    return this.renderList(width, height, {
-      title: 'Local Auth Control Room',
-      header: headerLines,
-      footer: footerLines,
-    });
-  }
-}